写在前面:前人栽树后人乘凉,谢谢网上各位大佬的解题思路作为参考学习;
一、实验准备
1、实验地址:Kioptrix: Level 1.3 (#4) ~ VulnHub
2、下载之后,本地解压,用VMware运行该虚拟机;
3、设置Kioptrix Level 1.3与攻击机网络环境,保证在同一局域网;
4、本实验攻击机使用的是Kali Linux,IP地址:10.10.10.131
二、情报收集
┌──(root💀kali)-[~]
└─# nmap -sP 10.10.10.0/24
Nmap scan report for 10.10.10.149 (10.10.10.149)
Host is up (0.00036s latency).
MAC Address: 00:0C:29:AE:CA:8A (VMware)
┌──(root💀kali)-[~]
└─# nmap -sV -p1-65535 10.10.10.149
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 4.7p1 Debian 8ubuntu1.2 (protocol 2.0)
80/tcp open http Apache httpd 2.2.8 ((Ubuntu) PHP/5.2.4-2ubuntu5.6 with Suhosin-Patch)
139/tcp open netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP)
445/tcp open netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP)
MAC Address: 00:0C:29:AE:CA:8A (VMware)
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
1、smb探测
msf6 auxiliary(scanner/smb/smb_enumusers) > run
[+] 10.10.10.149:139